Skip to main content
SpringerLink
Log in

Hybrid Deep Neural Architecture for Detection of DDoS Attacks in Cloud Computing

  • Conference paper
  • First Online:
Intelligent Systems, Technologies and Applications

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1353))

Abstract

Detection and prevention of distributed denial of service (DDoS) attacks are considered to be a keystone of network security. Though a good number of potential solutions have been provided for the detection of attacks, but due to frequent change in attack vectors, a competent technique is essential for combating these new attacks. In this paper, we propose a hybrid method which uses deep neural network (DNN) model for distinguishing DDoS attacks in cloud environment using ant colony optimization (ACO) for learning prime or important hyperparameters for effective classification of DNN. The use of optimal parameters in DNN makes it more accurate for detection of attacks. The proposed approach is validated by comparing its performance w.r.t. parameters detection accuracy, detection rate with the results of three other recent methods based on machine learning. Experiments have been conducted on the CICIDS2017 dataset which is a new benchmark dataset in the area of network security. Proposed approach gives promising results over CICIDS2017 dataset. The detection rate and accuracy are 95.74% and 98.25%, respectively, which are better than state-of-the-art methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.imperva.com/blog/top-10-cloud-security-concerns.

  2. 2.

    https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/security-issues-in-cloud-computing.html.

  3. 3.

    https://siliconangle.com/2020/06/17/aws-mitigated-record-breaking-2-3-tbps-ddos-attack-february.

  4. 4.

    https://www.corero.com/blog/853-academic-research-reports-nearly-30000-dos-attacks-per-day.html.

  5. 5.

    https://www.socialmediatoday.com/news/how-much-data-is-generated-every-minute-infographic-1/525692.

  6. 6.

    https://www.unb.ca/cic/datasets/ids-2017html..

  7. 7.

    https://www.caida.org/data/overview.

References

  1. L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen, A.V. Vasilakos, Security and privacy for storage and computation in cloud computing. Inf. Sci. 258, 371–386 (2014)

    Article  Google Scholar 

  2. M. Ali, S.U. Khan, A.V. Vasilakos, Security in cloud computing: opportunities and challenges. Inf. Sci. 305, 357–383 (2015)

    Article  MathSciNet  Google Scholar 

  3. J. Srinivas, A.K. Das, N. Kumar, Government regulations in cyber security: framework, standards and recommendations. Future Gener. Comput. Syst. 92, 178–188 (2019)

    Google Scholar 

  4. M. Wazid, A.K. Das, V. Bhat, A.V. Vasilakos, LAM-CIoT: lightweight authentication mechanism in cloud-based IoT environment. J. Netw. Comput. Appl. 150, 102496 (2020)

    Article  Google Scholar 

  5. I. Sharafaldin, A.H. Lashkari, S. Hakak, A.A. Ghorbani, Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy, in International Carnahan Conference on Security Technology, pp. 1–8 (2019)

    Google Scholar 

  6. E. Özer, M. Iskefiyeli, Detection of DDoS attack via deep packet analysis in real time systems, in International Conference on Computer Science and Engineering, pp. 1137–1140 (2017)

    Google Scholar 

  7. B. Meng, W. Andi, X. Jian, Z. Fucai, DDOS Attack detection system based on analysis of users’ behaviors for application layer, in IEEE International Conference on Computational Science and Engineering and IEEE International Conference on Embedded and Ubiquitous Computing, Vol. 1, pp. 596–599 (2017)

    Google Scholar 

  8. D. Sun, K. Yang, Z. Shi, Y. Wang, A distinction method of flooding DDoS and flash crowds based on user traffic behavior, in IEEE Trustcom/BigDataSE/ICESS, pp. 65–72 (2017)

    Google Scholar 

  9. J. David, C. Thomas, Efficient DDoS flood attack detection using dynamic thresholding on flow-based network traffic. Comput. Secur. 82, 284–295 (2019)

    Article  Google Scholar 

  10. S. Saharan, V. Gupta, Prevention and Mitigation of DNS based DDoS attacks in SDN Environment, in 11th International Conference on Communication Systems & Networks, pp. 571–573 (2019)

    Google Scholar 

  11. J. Hou, P. Fu, Z. Cao, A. Xu, Machine learning based DDoS detection through netflow analysis, in IEEE Military Communications Conference, pp. 1–6 (2018)

    Google Scholar 

  12. Z.M. Fadlullah, T. Taleb, A.V. Vasilakos, M. Guizani, N. Kato, DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis. IEEE/ACM Trans. Networking 18(4), 1234–1247 (2010)

    Article  Google Scholar 

  13. S.A. Ludwig, Intrusion detection of multiple attack classes using a deep neural net ensemble, in Symposium Series on Computational Intelligence, pp. 1–7 (2017)

    Google Scholar 

  14. M. Idhammad, K. Afdel, M. Belouch, Distributed intrusion detection system for cloud environments based on data mining techniques. Proc. Comput. Sci. 127, 35–41 (2018)

    Article  Google Scholar 

  15. D.A.A.G. Singh, R. Priyadharshini, E.J. Leavline, Cuckoo optimization based intrusion detection system for cloud computing. Int. J. Comput. Network Inform. Secur. 10(11), 42 (2018)

    Google Scholar 

  16. Z. Chiba, N. Abghour, K. Moussaid, M. Rida, Intelligent approach to build a deep neural network based IDS for cloud environment using combination of machine learning algorithms. Comput. Secur. 86, 291–317 (2019)

    Article  Google Scholar 

  17. R. Patil, H. Dudeja, C. Modi, Designing an efficient security framework for detecting intrusions in virtual network of cloud computing. Comput. Secur. 85, 402–422 (2019)

    Article  Google Scholar 

  18. B. Hajimirzaei, N.J. Navimipour, Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Express 5(1), 56–59 (2019)

    Article  Google Scholar 

  19. S. Hosseini, M. Azizi, The hybrid technique for DDoS detection with supervised learning algorithms. Comput. Netw. 158, 35–45 (2019)

    Article  Google Scholar 

  20. W. Elmasry, A. Akbulut, A.H. Zaim, Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic. Comput. Netw. 168, 107042 (2020)

    Article  Google Scholar 

  21. M. Wang, Y. Lu, J. Qin, A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput. Secur. 88, 101645 (2020)

    Article  Google Scholar 

  22. I. Sharafaldin, A.H. Lashkari, A.A. Ghorbani, A detailed analysis of the CICIDS2017 data set, in International Conference on Information Systems Security and Privacy, pp. 172–188 (2018)

    Google Scholar 

  23. N. Moustafa, J. Slay, UNSW-NB15: a comprehensive data set for network intrusion detection systems, in Proceedings of the Military Communications and Information Systems Conference, pp. 1–6 (2015)

    Google Scholar 

  24. C. Kolias, G. Kambourakis, A. Stavrou, S. Gritzalis, Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset. IEEE Commun. Survey Tutorial 18(1), 184–208 (2016)

    Google Scholar 

  25. R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, K. Das, The 1999 DARPA off-line intrusion detection evaluation. Comput. Network 34(4), 579–595 (2000)

    Article  Google Scholar 

  26. M. Ring, S. Wunderlich, D. Grüdl, D. Landes, A. Hotho, Creation of flow-based data sets for intrusion detection. J. Inform. Warfare 16, 40–53 (2017)

    Google Scholar 

  27. M. Dorigo, T. Stützle, Ant colony optimization: overview and recent advances, in Handbook of metaheuristics, pp. 311–351 (2019)

    Google Scholar 

  28. W. Liu, Z. Wang, X. Liu, N. Zeng, Y. Liu, F.E. Alsaadi, A survey of deep neural network architectures and their applications. Neurocomputing 234, 11–26 (2017)

    Article  Google Scholar 

  29. C.S. Wickramasinghe, D.L. Marino, K. Amarasinghe, M. Manic, Generalization of deep learning for cyber-physical system security: a survey, in 44th Annual Conference of the IEEE Industrial Electronics Society, pp. 745–751 (2018)

    Google Scholar 

  30. A. Ahmim, L. Maglaras, M.A. Ferrag, M. Derdour, H. Janicke, A novel hierarchical intrusion detection system based on decision tree and rules-based models, in 2019 15th International Conference on Distributed Computing in Sensor Systems, pp. 228–233 (2019)

    Google Scholar 

  31. M. Prasad, S. Tripathi, K. Dahal, An efficient feature selection based Bayesian and Rough set approach for intrusion detection. Appl. Soft Comput. 87, 105980 (2020)

    Article  Google Scholar 

Download references

Acknowledgements

This research work is supported by Technical Education Quality Improvement Project III (TEQIP III) of MHRD, Government of India assisted by World Bank under Grant Number P154523 and sanctioned to UIET, Panjab University, Chandigarh (India).

Author information

Authors and Affiliations

  1. University Institute of Engineering and Technology, Panjab University, Chandigarh, India

    Aanshi Bhardwaj, Veenu Mangat & Renu Vig

Authors
  1. Aanshi Bhardwaj
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Veenu Mangat
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Renu Vig
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Aanshi Bhardwaj .

Editor information

Editors and Affiliations

  1. Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland

    Marcin Paprzycki

  2. Indian Institute of Information Technology and Management Kerala, Trivandrum, Kerala, India

    Sabu M. Thampi

  3. Machine Intelligence Unit, Indian Statistical Institute, Kolkata, West Bengal, India

    Sushmita Mitra

  4. Simon Fraser University, Burnaby, BC, Canada

    Ljiljana Trajkovic

  5. College of Computer Sciences and Engineering, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia

    El-Sayed M. El-Alfy

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bhardwaj, A., Mangat, V., Vig, R. (2021). Hybrid Deep Neural Architecture for Detection of DDoS Attacks in Cloud Computing. In: Paprzycki, M., Thampi, S.M., Mitra, S., Trajkovic, L., El-Alfy, ES.M. (eds) Intelligent Systems, Technologies and Applications. Advances in Intelligent Systems and Computing, vol 1353. Springer, Singapore. https://doi.org/10.1007/978-981-16-0730-1_5

Download citation

Publish with us

Policies and ethics

Search

Navigation